Cybersecurity Top Risk for Enterprise C-Suite Leaders, PwC Study Says
Cybersecurity is now firmly on the agenda of the entire C-suite, consultancy PricewaterhouseCoopers (PwC) reports in a new survey of more than 700 U.S. business leaders across a variety of industries.
Of key enterprise issues, cybersecurity ranks at the top of business risks, with nearly 80% of the respondents considering it a moderate to serious risk. The warning isn’t confined to just chief information security officers, but ranges from chief executives to chief financial officers, chief operating officers, chief technology officers, chief marketing officers and includes corporate board members. Virtually all roles ranked cyber attacks high on their list of risks, PwC said.
Cybersecurity Tied to Business Strategy
Overall, 40% of business leaders ranked cybersecurity as the top serious risk facing their companies, and 38% ranked it a moderate risk. Similarly, more than eight in 10 business leaders are either closely monitoring or taking action on potential regulatory changes regarding privacy and data protection that the Securities and Exchange (SEC) proposed last March, the report said. The proposal would require publicly held companies’ boards to oversee cybersecurity risk and maintain a certain level of expertise.
Sean Joyce, PwC Global and U.S. cybersecurity and privacy leader, explained the imperative for enhanced cyber programs:
“Cybersecurity is a strategic business enabler — technology is the central nervous system of many companies — and confirming its data is secure and protected can be brand defining. There’s now heightened attention from a wider range of business leaders and corporate directors as they recognize that cybersecurity and data privacy should be part of not only a risk management strategy, but also a broader corporate strategy. C-suite and boards are actively taking steps to better understand the global threat landscape, confirm a foundational cybersecurity program is in place, and manage these risks to create opportunities.”
Recommendations for Addressing Cybersecurity
PwC, which operates a Top 250 MSSP business unit, offers six steps businesses can take to address cybersecurity concerns:
- View cybersecurity as a broad business concern and not just an IT issue.
- Build cybersecurity and data privacy into agendas across the C-suite and board.
- Increase investment to improve security.
- Educate employees on effective cybersecurity practices.
- For each new business initiative or transformation, make sure there’s a cyber plan in place.
- Use data and intelligence to regularly measure cyber risks. Proactively look for blind spots in third-party relationships and supply chains.
Meanwhile, in related findings, half of the companies in the survey are reducing overall headcount, while 52% are instituting hiring freezes and 44% are rescinding offers. The layoffs are part of an emerging trend among businesses to find the right talent and skills for particular jobs rather than merely filling slots to fill personnel gaps or slotting people in positions for which they’re not a good fit, the study found. In fact, some 52% of respondents are considering acquisitions to gain access to needed talent.
“It’s critical to find employees with the right combination of deep functional knowledge and technology know-how,” the study’s authors wrote. While PwC did not directly connect the potential for layoffs to cybersecurity, a skills shortage has long plagued the cybersecurity sector to where hundreds of thousands of jobs go unfilled.